Cisco Systems 5505BUNK9, ASA5505K8RF, ASA5505BUNK9, ASA 5505 User Manual

Cisco ASA 5505 Adaptive Security
Appliance Hardware Installation Guide

Americas Headquarters

Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 527-0883

Customer Order Number: OL-18362-01
Text Part Number: OL-18362-01

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The following inform ation is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant
to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial
environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause
harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required
to correct the interference at their own expense.

The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it is not
installed in accordance with Cisco’s installation instructions, it may cause interference with radio and television reception. This equipment has been tested and found to
comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are designed to provide reasonable
protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation.

Modifying the equipment without Cisco’s written authorization may result in the equipment no longer complying with FCC requirements for Class A or Class B digital
devices. In that event, your right to use the equipment may be limited by FCC regulations, and you may be required to correct any interference to radio or television
communications at your own expense.

You can determine whether your equipment is causing interference by turning it off. If the interference stops, it was probably caused by the Cisco equipment or one of its
peripheral devices. If the equipment causes interference to radio or television reception, try to correct the interference by using one or more of the following measures:

• Turn the television or radio antenna until the interference stops.

• Move the equipment to one side or the other of the television or radio.

• Move the equipment farther away from the television or radio.

• Plug the equipment into an outlet that is on a different circuit from the television or radio. (That is, make certain the equipment and the television or radio are on circuits
controlled by different circuit breakers or fuses.)

Modifications to this product not authorized by Cisco Systems, Inc. could void the FCC approval and negate your authority to operate the product.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at

www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership

relationship between Cisco and any other company. (1005R)

Cisco ASA 5505 Adaptive Security Appliance Hardware Installation Guide

©2007 Cisco Systems, Inc. All rights reserved.

CONTENTS

About This Guide v

Document Objectives v

Audience v

Document Organization v

Document Conventions vi

Installation Warnings vi

Where to Find Safety and Warning Information x

Obtaining Documentation and Submitting a Service Request 1-x

CHAPTER

CHAPTER

CHAPTER

1 Overview 1-1

Product Overview 1-1

Memory Requirements 1-3

Memory Requirements for the Software Version 8.3 and Later 1-3

2 Preparing for Installation 2-1

Installation Overview 2-1

Safety Recommendations 2-1

Maintaining Safety with Electricity 2-2
Preventing Electrostatic Discharge Damage 2-3

General Site Requirements 2-3

Site Environment 2-3
Preventive Site Configuration 2-3
Power Supply Considerations 2-4
Configuring Equipment Racks 2-4

3 Installing the Cisco ASA 5505 3-1

Installing the Chassis 3-1

OL-18362-01

Connecting the Interface Cables 3-1

Powering on the Cisco ASA 5505 3-3

Installing a Cable Lock 3-4

Rack or Wall Mounting the Cisco ASA 5505 3-4

Mounting the Chassis 3-5

Wall-Mounting the Chassis 3-5

Cisco ASA 5505 Hardware Installation Guide

iii

Contents

Rack-Mounting the Chassis 3-7

Installing and Wall-Mounting the Cisco ASA 5505 FIPS Enclosure 3-11

CHAPTER

APPENDIX

4 Maintenance and Upgrade Procedures 4-1

Removing and Replacing the Chassis Cover 4-1

Working in an ESD Environment 4-1
Removing the Chassis Cover 4-2
Replacing the Chassis Cover 4-3

Replacing the Lithium Battery 4-3

Installing and Replacing the SSC 4-4

Installing an SSC 4-5
Replacing an SSC 4-6

Upgrading Memory 4-6

Removing the DIMM 4-7
Installing the DIMM 4-8

Verifying the Memory Upgrade 4-9

1 Cable Pinouts 1-1

10/100/1000BaseT Connectors 1-1

Console Port (RJ-45) 1-2

RJ-45 to DB-9 1-4

I

NDEX

MGMT 10/100/1000 Ethernet Port 1-4

Gigabit and Fibre Channel Ports 1-5

iv

Cisco ASA 5505 Hardware Installation Guide

OL-18362-01

About This Guide

This preface includes the following sections:

• Document Objectives, page v

• Audience, page v

• Document Organization, page v

• Document Conventions, page vi

• Installation Warnings, page vi

• Obtaining Documentation and Submitting a Service Request, page x

Document Objectives

This guide describes how to perform installation and maintenance procedures on the Cisco ASA 5505
Adaptive Security Appliance.

Audience

This guide is for network administrators who perform any of the following tasks:

• Managing network security

• Installing and configuring firewalls

• Managing default and static routes, and TCP and UDP services

Document Organization

This guide includes the following chapters and appendices:

• Chapter 1, “Overview,” describes the product overview, LEDs and memory requirements.

• Chapter 2, “Preparing for Installation,” describes the installation overview, safety

recommendations, and general site requirements.

• Chapter 3, “Installing the Cisco ASA 5505,” describes how to connect the interface cables, and rack

or wall mount the chassis .

OL-18362-01

Cisco ASA 5505 Adaptive Security Appliance Hardware Installation Guide

v

• Chapter 4, “Maintenance and Upgrade Procedures,” describes the adaptive security appliance

maintenance and upgrade procedures.

• Appendix 1, “Cable Pinouts,” describes the cable pinouts.

Document Conventions

Command descriptions use these conventions:

• Braces ({ }) indicate a required choice.

• Square brackets ([ ]) indicate optional elements.

• Vertical bars (|) separate alternative, mutually exclusive elements.

• Boldface indicates commands and keywords that are entered literally as shown.

• Italics indicate arguments for which you supply values.

Examples use these conventions:

• Examples depict screen displays and the command line in screen font.

• Information you need to enter in examples is shown in boldface screen font.

About This Guide

• Variables for which you must supply a value are shown in

Graphical user interface examples uses these conventions:

• Boldface indicates buttons and menu items.

• Selecting a menu item (or pane) is indicated by the following convention:

Choose Start > Settings > Control Panel.

Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the

manual.

Installation Warnings

Be sure to read the Regulatory Compliance and Safety Information for the Cisco ASA 5500 Series document
that accompanied this device before installing the chassis. This document contains important safety
information. This section includes the following warnings:

• Power Supply Disconnection Warning, page vii

• Jewelry Removal Warning, page vii

• Wrist Strap Warning, page vii

• Work During Lightning Activity Warning, page vii

italic screen

font.

vi

• Installation Instructions Warning, page vii

• Chassis Warning for Rack-Mounting and Servicing, page viii

• Short-Circuit Protection Warning, page viii

• SELV Circuit Warning, page viii

• Ground Conductor Warning, page viii

Cisco ASA 5505 Adaptive Security Appliance Hardware Installation Guide

OL-18362-01

About This Guide

• Blank Faceplates and Cover Panels Warning, page viii

• Product Disposal Warning, page viii

• Short-Circuit Protection Warning, page ix

• Compliance with Local and National Electrical Codes Warning, page ix

• DC Power Connection Warning, page ix

• AC Power Disconnection Warning, page ix

• TN Power Warning, page ix

• 48 VDC Power System, page ix

• Multiple Power Cord, page ix

• Circuit Breaker (15A) Warning, page ix

• Grounded Equipment Warning, page x

• Safety Cover Requirement, page x

• Faceplates and Cover Panel Requirement, page x

Power Supply Disconnection Warning

Warning

Before working on a chassis or working near power supplies, unplug the power cord on AC units;
disconnect the power at the circuit breaker on DC units.

Jewelry Removal Warning

Warning

Before working on equipment that is connected to power lines, remove jewelry (including rings,
necklaces, and watches). Metal objects will heat up when connected to power and ground and can
cause serious burns or weld the metal object to the terminals.

Wrist Strap Warning

Warning

During this procedure, wear grounding wrist straps to avoid ESD damage to the card. Do not directly
touch the backplane with your hand or any metal tool, or you could shock yourself.

Work During Lightning Activity Warning

Warning

Do not work on the system or connect or disconnect cables during periods of lightning activity.

Statement 1001

Statement 12

Statement 43

Statement 94

Installation Instructions Warning

Warning

OL-18362-01

Read the installation instructions before connecting the system to the power source.

Statement 1004

Cisco ASA 5505 Adaptive Security Appliance Hardware Installation Guide

vii

Chassis Warning for Rack-Mounting and Servicing

About This Guide

Warning

To prevent bodily injury when mounting or servicing this unit in a rack, you must take special
precautions to ensure that the system remains stable. The following guidelines are provided to
ensure your safety:

rack.When mounting this unit in a partially filled rack, load the rack from the bottom to the top with the
heaviest component at the bottom of the rack.If the rack is provided with stabilizing devices, install the
stabilizers before mounting or servicing the unit in the rack.

Short-Circuit Protection Warning

Warning

This product requires short-circuit (overcurrent) protection, to be provided as part of the building
installation. Install only in accordance with national and local wiring regulations.

SELV Circuit Warning

Warning

To avoid electric shock, do not connect safety extra-low voltage (SELV) circuits to telephone-network
voltage (TNV) circuits. LAN ports contain SELV circuits, and WAN ports contain TNV circuits. Some
LAN and WAN ports both use RJ-45 connectors. Use caution when connecting cables.

Ground Conductor Warning

This unit should be mounted at the bottom of the rack if it is the only unit in the

Statement 1006

Statement 1045

Statement 1021

Warning

This equipment must be grounded. Never defeat the ground conductor or operate the equipment in the
absence of a suitably installed ground conductor. Contact the appropriate electrical inspection
authority or an electrician if you are uncertain that suitable grounding is available.

Blank Faceplates and Cover Panels Warning

Warning

Blank faceplates and cover panels serve three important functions: they prevent exposure to
hazardous voltages and currents inside the chassis; they contain electromagnetic interference (EMI)
that might disrupt other equipment; and they direct the flow of cooling air through the chassis. Do not
operate the system unless all cards, faceplates, front covers, and rear covers are in place.

1029

Product Disposal Warning

Warning

Ultimate disposal of this product should be handled according to all national laws and regulations.

Statement 1040

Statement 1024

Statement

viii

Cisco ASA 5505 Adaptive Security Appliance Hardware Installation Guide

OL-18362-01

About This Guide

Short-Circuit Protection Warning

Warning

This product requires short-circuit (overcurrent) protection, to be provided as part of the building
installation. Install only in accordance with national and local wiring regulations.

Compliance with Local and National Electrical Codes Warning

Warning

Installation of the equipment must comply with local and national electrical codes.

DC Power Connection Warning

Warning

After wiring the DC power supply, remove the tape from the circuit breaker switch handle and
reinstate power by moving the handle of the circuit breaker to the ON position.

AC Power Disconnection Warning

Warning

Before working on a chassis or working near power supplies, unplug the power cord on AC units.

Statement 246

TN Power Warning

Statement 1045

Statement 1074

Statement 8

Warning

The device is designed to work with TN power systems.

48 VDC Power System

Warning

The customer 48 volt power system must provide reinforced insulation between the primary AC power
and the 48 VDC output.

Multiple Power Cord

Warning

This unit has more than one power cord. To reduce the risk of electric shock when servicing a unit,
disconnect the power cord of the power strip that the unit is plugged into.

Circuit Breaker (15A) Warning

Warning

This product relies on the building’s installation for short-circuit (overcurrent) protection. Ensure that
a fuse or circuit breaker no larger than 120 VAC, 15A U.S. (240 VAC, 10A international) is used on the
phase conductors (all current-carrying conductors).

Statement 19

Statement 128

Statement 137

Statement 13

OL-18362-01

Cisco ASA 5505 Adaptive Security Appliance Hardware Installation Guide

ix

Obtaining Documentation and Submitting a Service Request

Grounded Equipment Warning

About This Guide

Warning

This equipment is intended to be grounded. Ensure that the host is connected to earth ground during
normal use.

Statement 39

Safety Cover Requirement

Warning

The safety cover is an integral part of the product. Do not operate the unit without the safety cover
installed. Operating the unit without the cover in place will invalidate the safety approvals and pose
a risk of fire and electrical hazards.

Statement 117

Faceplates and Cover Panel Requirement

Warning

Blank faceplates and cover panels serve three important functions: they prevent exposure to
hazardous voltages and currents inside the chassis; they contain electromagnetic interference (EMI)
that might disrupt other equipment; and they direct the flow of cooling air through the chassis. Do not
operate the system unless all cards, faceplates, front covers, and rear covers are in place.

142

Where to Find Safety and Warning Information

For safety and warning information, see the Regulatory Compliance and Safety Information for the
Cisco ASA 5500 Series document that accompanied the product. This document describes the

international agency compliance and safety information for the Cisco ASA 5505 Adaptive Security
Appliance. It also includes translations of the safety warnings.

Statement

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional
information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and
revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS Version 2.0.

Cisco ASA 5505 Adaptive Security Appliance Hardware Installation Guide

x

OL-18362-01

CHA PTER

1

Overview

Read through the entire guide before beginning any of the procedures in this book.

Warning

Caution Read the safety warnings in the Regulatory Compliance and Safety Information for the Cisco ASA 5500

Only trained and qualified personnel should install, replace, or service this equipment.

Series and follow proper safety procedures when performing these steps.

This chapter describes the product and the memory requirements and includes the following topics:

• Product Overview, page 1-1

• Memory Requirements, page 1-3

Statement 49

Product Overview

The Cisco ASA 5505 Adaptive Security Appliance delivers unprecedented levels of defense against
threats to the network with deeper web inspection and flow-specific analysis, improved secure
connectivity via end-point security posture validation, and voice and video over VPN support. It also
provides enhanced support for intelligent information networks through improved network integration,
resiliency, and scalability.

The adaptive security appliance software combines firewall, VPN concentrator, and intrusion prevention
software functionality into one software image. Previously, these functions were available in three
separate devices, each with its own software and hardware. Combining the functionality into just one
software image provides significant improvements in the available features.

Additionally, the adaptive security appliance software supports Adaptive Security Device Manager
(ASDM). ASDM is a browser-based, Java applet used to configure and monitor the software on the
adaptive security appliances. ASDM is loaded from the adaptive adaptive security appliance, then used
to configure, monitor, and manage the device.

This section describes the front and rear panels. Figure 1-1 shows the front panel LEDs.

OL-18362-01

Cisco ASA 5505 Adaptive Security Appliance Hardware Installation Guide

1-1

Product Overview

Chapter 1 Overview

Figure 1-1 Front Panel LEDs and Ports

3

4 7 8

5 6

LINK/ACT

100 MBPS

0

0 1 2 3 4 5 6 7

Power Status Active VPN SSC

Cisco ASA 5505 Series

Adaptive Security Appliance

1

2

1 USB 2.0 interface 5 Status

2 100 Mbps 6 Active

3 LINK/ACT LEDs 7 VPN

4 Power 8 SSC

Figure 1-2 shows the rear panel LEDs and Ports.

Figure 1-2 Rear Panel LEDs and Ports (AC Power Supply Model Shown)

3

2

5

153644

POWER

48

VDC

1

7

POWER over ETHERNET 6

Security
Services
Card Slot

543210

4

6

Console

1

2

8

RESET

153645

7

1 Power 48VDC 5 Console port

2 SSC slot 6 USB 2.0 interface

3 Network interface LEDs 7 Reset button

4 Network interfaces

1. Ports 6 and 7 are 15-Watt output PoE ports, used for devices, such as IP phones, which can be powered by the network
interface. They can also be used as regular Ethernet switch ports, just like the ports numbered 0 through 5.

1

8 Lock slot

1-2

Cisco ASA 5505 Adaptive Security Appliance Hardware Installation Guide

OL-18362-01

Chapter 1 Overview

Memory Requirements

The default DRAM memory is 256MB and the default internal flash memory is 128MB for the
Cisco ASA 5505.

In a failover configuration, the two units must have the same hardware configuration They must be the
same model, have the same number and types of interfaces, and the same amount of RAM.

Note The two units do not have to have the same size Flash memory. If using units with different Flash

memory sizes in your failover configuration, make sure the unit with the smaller Flash memory has
enough space to accommodate the software image files and the configuration files. If it does not,
configuration synchronization from the unit with the larger Flash memory to the unit with the smaller
Flash memory will fail.

For more information, see the Cisco Security Appliance Command Line Configuration Guide.

Memory Requirements for the Software Version 8.3 and Later

Memory Requirements

For information on memory requirements for the adaptive security appliance for software Version 8.3 or
later, go to:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_bulletin_c25-58

6414.html

OL-18362-01

Cisco ASA 5505 Adaptive Security Appliance Hardware Installation Guide

1-3

Memory Requirements

Chapter 1 Overview

1-4

Cisco ASA 5505 Adaptive Security Appliance Hardware Installation Guide

OL-18362-01

Preparing for Installation

The information in this guide applies to the Cisco ASA 5505 In this guide, references to “adaptive
security appliance” or security appliance apply to the Cisco ASA 5505 chassis unless specifically noted
otherwise.

This chapter describes the steps to follow before installing new hardware or performing hardware
upgrades, and includes the following sections:

• Installation Overview, page 2-1

• Safety Recommendations, page 2-1

• General Site Requirements, page 2-3

Installation Overview

To prepare for the installation of the chassis, perform the following steps:

CHA PTER

2

Step 1 Review the safety precautions outlined in the Regulatory Compliance and Safety Information for the

Cisco ASA 5500 Series document.

Step 2 Read the release notes for the respective software version.

Step 3 Unpack the chassis. An accessory kit ships with the chassis and includes the following items:

documentation, a product CD, a power cord (AC models only), two RJ-45 Ethernet cables, one RJ-45 to
DB-9 console cable, a rack-mounting kit, and four self-adhesive feet (for desktop mounting).

Step 4 Place the chassis on a stable work surface.

Safety Recommendations

Use the following guidelines and the information in the following sections to help ensure your safety and
protect the adaptive security appliance. The list of guidelines may not address all potentially hazardous
situations in your working environment, so be alert and exercise good judgement at all times.

Note If you need to remove the chassis cover to install a hardware component, such as additional memory or

an interface card, doing so does not affect your Cisco warranty. Upgrading the adaptive security
appliance does not require any special tools and does not create any radio frequency leaks.

OL-18362-01

Cisco ASA 5505 Adaptive Security Appliance Hardware Installation Guide

2-1

Safety Recommendations

The safety guidelines are as follows:

• Keep the chassis area clear and dust-free before, during and after installation.

• Keep tools away from walk areas where you and others could fall over them.

• Do not wear loose clothing or jewelry, such as earrings, bracelets, or chains, that could get caught

in the chassis.

• Wear safety glasses if you are working under any conditions that might be hazardous to your eyes.

• Do not perform any action that creates a potential hazard to people or makes the equipment unsafe.

This section includes the following topics:

• Maintaining Safety with Electricity, page 2-2

• Preventing Electrostatic Discharge Damage, page 2-3

Maintaining Safety with Electricity

Chapter 2 Preparing for Installation

Warning

Before working on a chassis or working near power supplies, unplug the power cord on AC units;
disconnect the power at the circuit breaker on DC units.

Statement 12

Follow these guidelines when working on equipment powered by electricity:

• Before beginning procedures that require access to the interior of the chassis, locate the emergency

power-off switch for the room in which you are working. Then, if an electrical accident occurs, you
can act quickly to turn off the power.

• Do not work alone if potentially hazardous conditions exist anywhere in your work space.

• Never assume that power is disconnected from a circuit; always check the circuit.

• Look carefully for possible hazards in your work area, such as moist floors, ungrounded power

extension cables, frayed power cords, and missing safety grounds.

• If an electrical accident occurs, proceed as follows:

–

Use caution; do not become a victim yourself.

–

Disconnect power from the system.

–

If possible, send another person to get medical aid. Otherwise, assess the condition of the victim
and then call for help.

–

Determine if the person needs rescue breathing or external cardiac compressions; then take
appropriate action.

• Use the adaptive security appliance chassis within its marked electrical ratings and product usage

instructions.

• Install the adaptive security appliance in compliance with local and national electrical codes as listed

in the Regulatory Compliance and Safety Information for the Cisco ASA 5500 Series document.

2-2

• The adaptive security appliance models equipped with AC-input power supplies are shipped with a

3-wire electrical cord with a grounding-type plug that fits only a grounding-type power outlet. Do
not circumvent this safety feature. Equipment grounding should comply with local and national
electrical codes.

Cisco ASA 5505 Adaptive Security Appliance Hardware Installation Guide

OL-18362-01